The Target: Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.
The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.
The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.